vulnerability

No patch yet for Adobe PDF exploits - Adobe suggests a workaround; Mac and Linux users need not apply

Adobe issues advice on how to mitigate the latest exploits against its PDF Reader software.

For Windows users, anyway. Mac and Linux fans are still out in the cold.

Adobe investigates PDF Reader zero-day vulnerability reports

Adobe's security team has said that it is investigating reports of a brand new zero-day vulnerability affecting its Adobe Reader and Acrobat XI (11.0.1) products.

Always be wary of opening unsolicited PDF files!

Malware injected into legitimate JavaScript code on legitimate websites

SophosLabs has observed a trend of hackers inserting their malicious code into legitimate JavaScript hosted on legitimate compromised websites.

Learn more about what our experts have seen, and ensure that you have protection in place.

Oracle on Java - we *will* have Patch Tuesday on 19 Feb 2013 after all

Oracle brought forward its February Patch Tuesday to provide an accelerated fix for some in-the-wild exploits.

But that meant leaving other less vital stuff out, so the pre-empted Patch Tuesday will happen after all, on 19 Feb 2013. Be there!

VMware security hole - it sounds like you need the patch, even if it's not clear why

VMware just announced a patch for a security hole in its virtual machine software.

It sounds as though guests might be able to tweak their hosts without authorisation, or vice versa, so you probably want to patch now and ask your questions later.

Monday review - the hot 27 stories of the week

Just in case you missed any of our stories last week, here's a little recap.

Anatomy of a vulnerability - cURL web download toolkit holed by authentication bug

You may not have heard of cURL, but you've probably used software that uses it.

Recent versions contain a buffer overflow bug that could lead to remote code execution on your computer.

Paul Ducklin investigates, explains and advises...

Adobe patches Flash - heads off in-the-wild attacks against Windows and Apple users

It's not Tuesday...

Nevertheless, Adobe's Flash Player has been upgraded to patch against two in-the-wild exploits against Windows and Apple users.

Another Java update! Oracle brings Patch Tuesday forward to close in-the-wild hole...

"Yet another Java update! Get it while it's hot."

This update was planned for 19 Feb 2013.

But Oracle brought it forward, citing the "active exploitation 'in the wild' of one of the vulnerabilities affecting...desktop browsers".

Monday review - the hot 26 stories of the week

In case you missed any recent stories, here's everything we wrote in the last seven days.

Serious security holes fixed in Opera - but Mac App Store users left at risk again

It should go without saying that if you use Opera, you should update to version 12.13 as soon as possible.

But... what if you didn't get your copy of Opera from the official website?

What if, instead, you acquired your version of Opera for Mac from Apple's Mac App Store?

What if your security camera were an insecurity camera?

Paul Ducklin investigates and offers some advice...

Memories of the Slammer worm - ten years later

Ten years ago to the day, we published an FAQ about a computer worm called Slammer.

It was aptly named. If you were in IT back in 2003, I'm sure you remember it well...

It's really important you update your Foxit PDF Reader, but unfortunately their website is down

There's something to be said for not going with the crowd, when it comes to securing your computer.

But you best have your fingers crossed that your alternative providers' websites don't fall over when you need a security update.

Monday review - the hot 31 stories of the week

Here you go.

All the stories we wrote in the past seven days, in case you missed anything (or just want to read them again).

Java hacker boasts of finding two more unpatched holes

Serial Java fault-finder Adam Gowdiak has embarrassed Oracle yet again.

The Polish researcher is publicly bragging about two brand-new vulnerabilities he's found even since Oracle's most recent patch just a week ago.

War of words continues over Cisco Linksys router access exploit

Stories of a vulnerability in Cisco Linksys consumer routers have been circulating in the past week.

The stories have now turned into a low-key war of words.

Yet ANOTHER Java zero-day claimed - but this time you're laughing, right?

Irrepressible cybercrime investigator and reporter Brian Krebs has written about yet another Java zero-day exploit.

This one, it seems, targets an exploitable vulnerability even in Oracle's most recent release, Version 7 Update 11, aka 7u11.

Java is not JavaScript - tell your friends!

Some people are worried that turning off Java also turns off JavaScript.

Despite their names, Java and JavaScript are completely different, and turning off Java will not turn off JavaScript.

Microsoft to release an emergency security patch for Internet Explorer zero day flaw

Microsoft will be releasing an out-of-band patch for the recently-disclosed zero-day hole in Internet Explorer.

Find out if you need the patch, and start getting ready now. This one really is critical.